New user; I have mx67, ms120, windows server 2016 running active directory and dns.
Is that enough to run client vpn and authorize users or do I need additional stuff on the windows 2016 server?
"3:27:21.633548 IP 166.173.59.91.33506 > 162.233.197.233.1701: l2tp:[TLS](24253/12933)Ns=4,Nr=3 *MSGTYPE(CDN) *ASSND_SESS_ID(12055) *RESULT_CODE(768/0 )" is the last message in a packet trace before I get "authentication failed" message.
Solved! Go to solution.
Thank you, I have reviewed the document step by step for the past week. My experience says it has to be something simple/basic at this point. Does the fact that I have one clan (vlan 0) for everything? No errors on the AD server. Packet capture shows traffic to and from the domain controller on port 3268 but I don't really know what I looking at beyond the traffic is there.
Currently, Active Directory-based authentication works only if one of the following is true:
If there are multiple Domain Controllers in the domain, all of them must meet one of these criteria in order for Active Directory integration to function properly.
I think I have satisfied the above requirement because packet capture shows traffic between the device on the wan port (IPHONE connected to let network) and Lan device (Domain Controller).
Meraki cloud Authentication works but it is not the best solution for my network because I have applications running on the network that will be accessed by outside vendors that I eventually will want to separate them on to a separate vlan.
I have to be missing something probably simple.
What is actually wrong? What is not working? What error messages and codes do you get?
Congrats and off to the next issue! Life in IT...